source: UsbWattMeter/trunk/wolfssl-3.7.0/src/crl.c@ 165

Last change on this file since 165 was 164, checked in by coas-nagasima, 8 years ago

TOPPERS/ECNLサンプルアプリ「USB充電器電力計」を追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc
File size: 19.2 KB
Line 
1/* crl.c
2 *
3 * Copyright (C) 2006-2015 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20 */
21
22 /* Name change compatibility layer no longer needs included here */
23
24#ifdef HAVE_CONFIG_H
25 #include <config.h>
26#endif
27
28#include <wolfssl/wolfcrypt/settings.h>
29
30#ifndef WOLFCRYPT_ONLY
31#ifdef HAVE_CRL
32
33#include <wolfssl/internal.h>
34#include <wolfssl/error-ssl.h>
35
36#ifndef NO_FILESYSTEM
37 #include <dirent.h>
38 #include <sys/stat.h>
39#endif
40
41#include <string.h>
42
43#ifdef HAVE_CRL_MONITOR
44 static int StopMonitor(int mfd);
45#endif
46
47
48/* Initialze CRL members */
49int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
50{
51 WOLFSSL_ENTER("InitCRL");
52
53 crl->cm = cm;
54 crl->crlList = NULL;
55 crl->monitors[0].path = NULL;
56 crl->monitors[1].path = NULL;
57#ifdef HAVE_CRL_MONITOR
58 crl->tid = 0;
59 crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
60#endif
61 if (InitMutex(&crl->crlLock) != 0)
62 return BAD_MUTEX_E;
63
64 return 0;
65}
66
67
68/* Initialze CRL Entry */
69static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
70{
71 WOLFSSL_ENTER("InitCRL_Entry");
72
73 XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
74 /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
75 * copy the hash here if needed for optimized comparisons */
76 XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
77 XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
78 crle->lastDateFormat = dcrl->lastDateFormat;
79 crle->nextDateFormat = dcrl->nextDateFormat;
80
81 crle->certs = dcrl->certs; /* take ownsership */
82 dcrl->certs = NULL;
83 crle->totalCerts = dcrl->totalCerts;
84
85 return 0;
86}
87
88
89/* Free all CRL Entry resources */
90static void FreeCRL_Entry(CRL_Entry* crle)
91{
92 RevokedCert* tmp = crle->certs;
93
94 WOLFSSL_ENTER("FreeCRL_Entry");
95
96 while(tmp) {
97 RevokedCert* next = tmp->next;
98 XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
99 tmp = next;
100 }
101}
102
103
104
105/* Free all CRL resources */
106void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
107{
108 CRL_Entry* tmp = crl->crlList;
109
110 WOLFSSL_ENTER("FreeCRL");
111
112 if (crl->monitors[0].path)
113 XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
114
115 if (crl->monitors[1].path)
116 XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
117
118 while(tmp) {
119 CRL_Entry* next = tmp->next;
120 FreeCRL_Entry(tmp);
121 XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
122 tmp = next;
123 }
124
125#ifdef HAVE_CRL_MONITOR
126 if (crl->tid != 0) {
127 WOLFSSL_MSG("stopping monitor thread");
128 if (StopMonitor(crl->mfd) == 0)
129 pthread_join(crl->tid, NULL);
130 else {
131 WOLFSSL_MSG("stop monitor failed, cancel instead");
132 pthread_cancel(crl->tid);
133 }
134 }
135#endif
136 FreeMutex(&crl->crlLock);
137 if (dynamic) /* free self */
138 XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
139}
140
141
142/* Is the cert ok with CRL, return 0 on success */
143int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
144{
145 CRL_Entry* crle;
146 int foundEntry = 0;
147 int ret = 0;
148
149 WOLFSSL_ENTER("CheckCertCRL");
150
151 if (LockMutex(&crl->crlLock) != 0) {
152 WOLFSSL_MSG("LockMutex failed");
153 return BAD_MUTEX_E;
154 }
155
156 crle = crl->crlList;
157
158 while (crle) {
159 if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
160 int doNextDate = 1;
161
162 WOLFSSL_MSG("Found CRL Entry on list");
163 WOLFSSL_MSG("Checking next date validity");
164
165 #ifdef WOLFSSL_NO_CRL_NEXT_DATE
166 if (crle->nextDateFormat == ASN_OTHER_TYPE)
167 doNextDate = 0; /* skip */
168 #endif
169
170 if (doNextDate && !ValidateDate(crle->nextDate,
171 crle->nextDateFormat, AFTER)) {
172 WOLFSSL_MSG("CRL next date is no longer valid");
173 ret = ASN_AFTER_DATE_E;
174 }
175 else
176 foundEntry = 1;
177 break;
178 }
179 crle = crle->next;
180 }
181
182 if (foundEntry) {
183 RevokedCert* rc = crle->certs;
184
185 while (rc) {
186 if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
187 WOLFSSL_MSG("Cert revoked");
188 ret = CRL_CERT_REVOKED;
189 break;
190 }
191 rc = rc->next;
192 }
193 }
194
195 UnLockMutex(&crl->crlLock);
196
197 if (foundEntry == 0) {
198 WOLFSSL_MSG("Couldn't find CRL for status check");
199 ret = CRL_MISSING;
200 if (crl->cm->cbMissingCRL) {
201 char url[256];
202
203 WOLFSSL_MSG("Issuing missing CRL callback");
204 url[0] = '\0';
205 if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
206 XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
207 url[cert->extCrlInfoSz] = '\0';
208 }
209 else {
210 WOLFSSL_MSG("CRL url too long");
211 }
212 crl->cm->cbMissingCRL(url);
213 }
214 }
215
216
217 return ret;
218}
219
220
221/* Add Decoded CRL, 0 on success */
222static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
223{
224 CRL_Entry* crle;
225
226 WOLFSSL_ENTER("AddCRL");
227
228 crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
229 if (crle == NULL) {
230 WOLFSSL_MSG("alloc CRL Entry failed");
231 return -1;
232 }
233
234 if (InitCRL_Entry(crle, dcrl) < 0) {
235 WOLFSSL_MSG("Init CRL Entry failed");
236 XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
237 return -1;
238 }
239
240 if (LockMutex(&crl->crlLock) != 0) {
241 WOLFSSL_MSG("LockMutex failed");
242 FreeCRL_Entry(crle);
243 XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
244 return BAD_MUTEX_E;
245 }
246 crle->next = crl->crlList;
247 crl->crlList = crle;
248 UnLockMutex(&crl->crlLock);
249
250 return 0;
251}
252
253
254/* Load CRL File of type, SSL_SUCCESS on ok */
255int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type)
256{
257 int ret = SSL_SUCCESS;
258 const byte* myBuffer = buff; /* if DER ok, otherwise switch */
259 buffer der;
260#ifdef WOLFSSL_SMALL_STACK
261 DecodedCRL* dcrl;
262#else
263 DecodedCRL dcrl[1];
264#endif
265
266 der.buffer = NULL;
267
268 WOLFSSL_ENTER("BufferLoadCRL");
269
270 if (crl == NULL || buff == NULL || sz == 0)
271 return BAD_FUNC_ARG;
272
273 if (type == SSL_FILETYPE_PEM) {
274 int eccKey = 0; /* not used */
275 EncryptedInfo info;
276 info.ctx = NULL;
277
278 ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
279 if (ret == 0) {
280 myBuffer = der.buffer;
281 sz = der.length;
282 }
283 else {
284 WOLFSSL_MSG("Pem to Der failed");
285 return -1;
286 }
287 }
288
289#ifdef WOLFSSL_SMALL_STACK
290 dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
291 if (dcrl == NULL) {
292 if (der.buffer)
293 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
294
295 return MEMORY_E;
296 }
297#endif
298
299 InitDecodedCRL(dcrl);
300 ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
301 if (ret != 0) {
302 WOLFSSL_MSG("ParseCRL error");
303 }
304 else {
305 ret = AddCRL(crl, dcrl);
306 if (ret != 0) {
307 WOLFSSL_MSG("AddCRL error");
308 }
309 }
310
311 FreeDecodedCRL(dcrl);
312
313#ifdef WOLFSSL_SMALL_STACK
314 XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
315#endif
316
317 if (der.buffer)
318 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
319
320 return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
321}
322
323
324#ifdef HAVE_CRL_MONITOR
325
326
327/* read in new CRL entries and save new list */
328static int SwapLists(WOLFSSL_CRL* crl)
329{
330 int ret;
331 CRL_Entry* newList;
332#ifdef WOLFSSL_SMALL_STACK
333 WOLFSSL_CRL* tmp;
334#else
335 WOLFSSL_CRL tmp[1];
336#endif
337
338#ifdef WOLFSSL_SMALL_STACK
339 tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
340 if (tmp == NULL)
341 return MEMORY_E;
342#endif
343
344 if (InitCRL(tmp, crl->cm) < 0) {
345 WOLFSSL_MSG("Init tmp CRL failed");
346#ifdef WOLFSSL_SMALL_STACK
347 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
348#endif
349 return -1;
350 }
351
352 if (crl->monitors[0].path) {
353 ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
354 if (ret != SSL_SUCCESS) {
355 WOLFSSL_MSG("PEM LoadCRL on dir change failed");
356 FreeCRL(tmp, 0);
357#ifdef WOLFSSL_SMALL_STACK
358 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
359#endif
360 return -1;
361 }
362 }
363
364 if (crl->monitors[1].path) {
365 ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
366 if (ret != SSL_SUCCESS) {
367 WOLFSSL_MSG("DER LoadCRL on dir change failed");
368 FreeCRL(tmp, 0);
369#ifdef WOLFSSL_SMALL_STACK
370 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
371#endif
372 return -1;
373 }
374 }
375
376 if (LockMutex(&crl->crlLock) != 0) {
377 WOLFSSL_MSG("LockMutex failed");
378 FreeCRL(tmp, 0);
379#ifdef WOLFSSL_SMALL_STACK
380 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
381#endif
382 return -1;
383 }
384
385 newList = tmp->crlList;
386
387 /* swap lists */
388 tmp->crlList = crl->crlList;
389 crl->crlList = newList;
390
391 UnLockMutex(&crl->crlLock);
392
393 FreeCRL(tmp, 0);
394
395#ifdef WOLFSSL_SMALL_STACK
396 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
397#endif
398
399 return 0;
400}
401
402
403#if (defined(__MACH__) || defined(__FreeBSD__))
404
405#include <sys/types.h>
406#include <sys/event.h>
407#include <sys/time.h>
408#include <fcntl.h>
409#include <unistd.h>
410
411#ifdef __MACH__
412 #define XEVENT_MODE O_EVTONLY
413#elif defined(__FreeBSD__)
414 #define XEVENT_MODE EVFILT_VNODE
415#endif
416
417
418/* we need a unique kqueue user filter fd for crl in case user is doing custom
419 * events too */
420#ifndef CRL_CUSTOM_FD
421 #define CRL_CUSTOM_FD 123456
422#endif
423
424
425/* shutdown monitor thread, 0 on success */
426static int StopMonitor(int mfd)
427{
428 struct kevent change;
429
430 /* trigger custom shutdown */
431 EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
432 if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
433 WOLFSSL_MSG("kevent trigger customer event failed");
434 return -1;
435 }
436
437 return 0;
438}
439
440
441/* OS X monitoring */
442static void* DoMonitor(void* arg)
443{
444 int fPEM, fDER;
445 struct kevent change;
446
447 WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
448
449 WOLFSSL_ENTER("DoMonitor");
450
451 crl->mfd = kqueue();
452 if (crl->mfd == -1) {
453 WOLFSSL_MSG("kqueue failed");
454 return NULL;
455 }
456
457 /* listen for custom shutdown event */
458 EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
459 if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
460 WOLFSSL_MSG("kevent monitor customer event failed");
461 close(crl->mfd);
462 return NULL;
463 }
464
465 fPEM = -1;
466 fDER = -1;
467
468 if (crl->monitors[0].path) {
469 fPEM = open(crl->monitors[0].path, XEVENT_MODE);
470 if (fPEM == -1) {
471 WOLFSSL_MSG("PEM event dir open failed");
472 close(crl->mfd);
473 return NULL;
474 }
475 }
476
477 if (crl->monitors[1].path) {
478 fDER = open(crl->monitors[1].path, XEVENT_MODE);
479 if (fDER == -1) {
480 WOLFSSL_MSG("DER event dir open failed");
481 close(crl->mfd);
482 return NULL;
483 }
484 }
485
486 if (fPEM != -1)
487 EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
488 NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
489
490 if (fDER != -1)
491 EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
492 NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
493
494 for (;;) {
495 struct kevent event;
496 int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
497
498 WOLFSSL_MSG("Got kevent");
499
500 if (numEvents == -1) {
501 WOLFSSL_MSG("kevent problem, continue");
502 continue;
503 }
504
505 if (event.filter == EVFILT_USER) {
506 WOLFSSL_MSG("Got user shutdown event, breaking out");
507 break;
508 }
509
510 if (SwapLists(crl) < 0) {
511 WOLFSSL_MSG("SwapLists problem, continue");
512 }
513 }
514
515 if (fPEM != -1)
516 close(fPEM);
517 if (fDER != -1)
518 close(fDER);
519
520 close(crl->mfd);
521
522 return NULL;
523}
524
525
526#elif defined(__linux__)
527
528#include <sys/types.h>
529#include <sys/inotify.h>
530#include <sys/eventfd.h>
531#include <unistd.h>
532
533
534#ifndef max
535 static INLINE int max(int a, int b)
536 {
537 return a > b ? a : b;
538 }
539#endif /* max */
540
541
542/* shutdown monitor thread, 0 on success */
543static int StopMonitor(int mfd)
544{
545 word64 w64 = 1;
546
547 /* write to our custom event */
548 if (write(mfd, &w64, sizeof(w64)) < 0) {
549 WOLFSSL_MSG("StopMonitor write failed");
550 return -1;
551 }
552
553 return 0;
554}
555
556
557/* linux monitoring */
558static void* DoMonitor(void* arg)
559{
560 int notifyFd;
561 int wd = -1;
562 WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
563#ifdef WOLFSSL_SMALL_STACK
564 char* buff;
565#else
566 char buff[8192];
567#endif
568
569 WOLFSSL_ENTER("DoMonitor");
570
571 crl->mfd = eventfd(0, 0); /* our custom shutdown event */
572 if (crl->mfd < 0) {
573 WOLFSSL_MSG("eventfd failed");
574 return NULL;
575 }
576
577 notifyFd = inotify_init();
578 if (notifyFd < 0) {
579 WOLFSSL_MSG("inotify failed");
580 close(crl->mfd);
581 return NULL;
582 }
583
584 if (crl->monitors[0].path) {
585 wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
586 IN_DELETE);
587 if (wd < 0) {
588 WOLFSSL_MSG("PEM notify add watch failed");
589 close(crl->mfd);
590 close(notifyFd);
591 return NULL;
592 }
593 }
594
595 if (crl->monitors[1].path) {
596 wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
597 IN_DELETE);
598 if (wd < 0) {
599 WOLFSSL_MSG("DER notify add watch failed");
600 close(crl->mfd);
601 close(notifyFd);
602 return NULL;
603 }
604 }
605
606#ifdef WOLFSSL_SMALL_STACK
607 buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
608 if (buff == NULL)
609 return NULL;
610#endif
611
612 for (;;) {
613 fd_set readfds;
614 int result;
615 int length;
616
617 FD_ZERO(&readfds);
618 FD_SET(notifyFd, &readfds);
619 FD_SET(crl->mfd, &readfds);
620
621 result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL);
622
623 WOLFSSL_MSG("Got notify event");
624
625 if (result < 0) {
626 WOLFSSL_MSG("select problem, continue");
627 continue;
628 }
629
630 if (FD_ISSET(crl->mfd, &readfds)) {
631 WOLFSSL_MSG("got custom shutdown event, breaking out");
632 break;
633 }
634
635 length = read(notifyFd, buff, 8192);
636 if (length < 0) {
637 WOLFSSL_MSG("notify read problem, continue");
638 continue;
639 }
640
641 if (SwapLists(crl) < 0) {
642 WOLFSSL_MSG("SwapLists problem, continue");
643 }
644 }
645
646#ifdef WOLFSSL_SMALL_STACK
647 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
648#endif
649
650 if (wd > 0)
651 inotify_rm_watch(notifyFd, wd);
652 close(crl->mfd);
653 close(notifyFd);
654
655 return NULL;
656}
657
658
659#else
660
661#error "CRL monitor only currently supported on linux or mach"
662
663#endif /* MACH or linux */
664
665
666/* Start Monitoring the CRL path(s) in a thread */
667static int StartMonitorCRL(WOLFSSL_CRL* crl)
668{
669 pthread_attr_t attr;
670
671 WOLFSSL_ENTER("StartMonitorCRL");
672
673 if (crl == NULL)
674 return BAD_FUNC_ARG;
675
676 if (crl->tid != 0) {
677 WOLFSSL_MSG("Monitor thread already running");
678 return MONITOR_RUNNING_E;
679 }
680
681 pthread_attr_init(&attr);
682
683 if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
684 WOLFSSL_MSG("Thread creation error");
685 return THREAD_CREATE_E;
686 }
687
688 return SSL_SUCCESS;
689}
690
691
692#else /* HAVE_CRL_MONITOR */
693
694#ifndef NO_FILESYSTEM
695
696static int StartMonitorCRL(WOLFSSL_CRL* crl)
697{
698 (void)crl;
699
700 WOLFSSL_ENTER("StartMonitorCRL");
701 WOLFSSL_MSG("Not compiled in");
702
703 return NOT_COMPILED_IN;
704}
705
706#endif /* NO_FILESYSTEM */
707
708#endif /* HAVE_CRL_MONITOR */
709
710#ifndef NO_FILESYSTEM
711
712/* Load CRL path files of type, SSL_SUCCESS on ok */
713int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
714{
715 struct dirent* entry;
716 DIR dir;
717 int ret = SSL_SUCCESS;
718#ifdef WOLFSSL_SMALL_STACK
719 char* name;
720#else
721 char name[MAX_FILENAME_SZ];
722#endif
723
724 WOLFSSL_ENTER("LoadCRL");
725 if (crl == NULL)
726 return BAD_FUNC_ARG;
727
728 ret = f_opendir(&dir, path);
729 if (ret != FR_OK) {
730 WOLFSSL_MSG("opendir path crl load failed");
731 return BAD_PATH_ERROR;
732 }
733
734#ifdef WOLFSSL_SMALL_STACK
735 name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
736 if (name == NULL)
737 return MEMORY_E;
738#endif
739
740 while ( (entry = f_readdir(&dir)) != NULL) {
741 struct stat s;
742
743 XMEMSET(name, 0, MAX_FILENAME_SZ);
744 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
745 XSTRNCAT(name, "/", 1);
746 XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
747
748 if (stat(name, &s) != 0) {
749 WOLFSSL_MSG("stat on name failed");
750 continue;
751 }
752 if (s.st_mode & S_IFREG) {
753
754 if (type == SSL_FILETYPE_PEM) {
755 if (strstr(entry->d_name, ".pem") == NULL) {
756 WOLFSSL_MSG("not .pem file, skipping");
757 continue;
758 }
759 }
760 else {
761 if (strstr(entry->d_name, ".der") == NULL &&
762 strstr(entry->d_name, ".crl") == NULL) {
763
764 WOLFSSL_MSG("not .der or .crl file, skipping");
765 continue;
766 }
767 }
768
769 if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
770 != SSL_SUCCESS) {
771 WOLFSSL_MSG("CRL file load failed, continuing");
772 }
773 }
774 }
775
776#ifdef WOLFSSL_SMALL_STACK
777 XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
778#endif
779
780 if (monitor & WOLFSSL_CRL_MONITOR) {
781 WOLFSSL_MSG("monitor path requested");
782
783 if (type == SSL_FILETYPE_PEM) {
784 crl->monitors[0].path = strdup(path);
785 crl->monitors[0].type = SSL_FILETYPE_PEM;
786 if (crl->monitors[0].path == NULL)
787 ret = MEMORY_E;
788 } else {
789 crl->monitors[1].path = strdup(path);
790 crl->monitors[1].type = SSL_FILETYPE_ASN1;
791 if (crl->monitors[1].path == NULL)
792 ret = MEMORY_E;
793 }
794
795 if (monitor & WOLFSSL_CRL_START_MON) {
796 WOLFSSL_MSG("start monitoring requested");
797
798 ret = StartMonitorCRL(crl);
799 }
800 }
801
802 f_closedir(&dir);
803
804 return ret;
805}
806
807#endif /* NO_FILESYSTEM */
808
809#endif /* HAVE_CRL */
810#endif /* !WOLFCRYPT_ONLY */
Note: See TracBrowser for help on using the repository browser.